Commit 94c80b25 authored Sep 03, 2005 by Bodo Stroesser Committed by Linus Torvalds Sep 05, 2005

[PATCH] Ptrace/i386: fix "syscall audit" interaction with singlestep



      Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>

Avoid giving two traps for singlestep instead of one, when syscall auditing is
enabled.

In fact no singlestep trap is sent on syscall entry, only on syscall exit, as
can be seen in entry.S:

# Note that in this mask _TIF_SINGLESTEP is not tested !!! <<<<<<<<<<<<<<
        testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),TI_flags(%ebp)
        jnz syscall_trace_entry
	...
syscall_trace_entry:
	...
	call do_syscall_trace

But auditing a SINGLESTEP'ed process causes do_syscall_trace to be called, so
the tracer will get one more trap on the syscall entry path, which it
shouldn't.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
CC: Roland McGrath <roland@redhat.com>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent 08b178eb

arch/i386/kernel/ptrace.c

+13 −2

Original line number	Diff line number	Diff line
		@@ -683,9 +683,20 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
		/* do the secure computing check first */
		secure_computing(regs->orig_eax);

		if (unlikely(current->audit_context) && entryexit)
		if (unlikely(current->audit_context)) {
		if (entryexit)
		audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);

		/* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
		* on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
		* not used, entry.S will call us only on syscall exit, not
		* entry ; so when TIF_SYSCALL_AUDIT is used we must avoid
		* calling send_sigtrap() on syscall entry.
		*/
		else if (is_singlestep)
		goto out;
		}

		if (!(current->ptrace & PT_PTRACED))
		goto out;

Admin message